I decided to make a thread for spyware removal, maybe a sticky if enough people think it's useful. It will take care of a lot of spyware and browser hijacks. But most importantly it will protect you from future problems.

If you have any questions about the procedures listed here, then ask so I can make it more clear.

If you have specific questions about your spwyare, please start a new thread, to keep this one clean.

This is long and a little complicated. This is why most of the time people don't tell you how to do it, they just do it themselves. But that isn't possible in this case. It may be best to print this out so you can follow down the list and even check things off. Also, this may seem like a lot of steps, that's because it is. The reason is I can't tell exactly what you are infected with, so this long list covers most scenarios.

You only need to do this 1st step if you or anybody else uses InternetExplorer on your computer
Step 1
Open InternetExplorer.
Goto Internet Options, this will be listed either under Tools or View, depending on the version of InternetExplorer.
Goto the Security tab.
Click the red circle titled "Restricted Sites"
Click CustomLevel
Now go down the list and choose "Prompt" for each category. If prompt isn't an option, then choose "Disable." If disable isn't an option, choose High Security.
Then after going through the whole list, hit ok, then hit ok again.

Step 2
Download and install HijackThis here or here
Pay attention to where you save it.

Step 3
Download and install SpywareGuard:
here
At the end of install it will ask if you want to run SpywareGuard. You do want to.
Once it finishes you will see a red "SG" in your System Tray (near the clock in the lower right). Double click on it.
Choose to LiveUpdate it, and Update it.
Once that finishes you can close it.

Step 4
Download and install SpywareBlaster(If you don't already have it installed):
here
Once downloaded run the SpywareBlasterSetup.exe and install it.
Once done installing a window will popup showing you how to activate protection. Navigate through those windows by hitting next.
Then choose "Enable All Protection" which is listed in the main window under the tab "Protection"
Then goto the "Updates" tab
Then choose check for updates
Once the updates are downloaded a little button will appear that says "Enable protection for all unprotected items" click it
Then you can close SpywareBlaster.

Step 5
Now download and install IESpyAd:
here
Once that install is done open up My Computer (On your desktop). Navigate to C drive, then goto the IE-SpyAd Folder.
Then double click on the install.bat file.
A dos window will popup, press "2"
Then a new list of options will appear, press "1"

Step 6
Now download and install CWShredder:
here
Remember where you save it. You can save it on your Desktop if you like.

Step 7
Downlad and install Adaware (If you don't already have it installed):
here
Now open up Adaware, choose to Update it, makes sure it's updated.

Step 8
Now goto WindowsUpdate:
www.windowsupdate.com
Make sure you are all updated.

Step 9
Now choose to Restart, we are going to go into safe mode.
To get into safe mode as soon as the bios flash screen disappears start apping f8 every second.
You want to make sure to press the f8 button before the OperatingSystem flash screen appears.
If you do it correctly you will be presented with a menu, choose "Safe Mode"
Safe Mode will look weird because it only loads exactly what Windows needs to run. So it doesn't look nice.

Step 10
Now navigate to where you downloaded CWShredder and open CWShredder.exe.
Click the "Fix" button, not the "scan" button

Step 11
Now run Adaware and do a scan, remove all the items it lists. Then run it again and make sure it doesn't find anything.

Step 12
Once that is done, reboot.

Step 13
Open up internet explorer, search around a little, see if it looks fixed. Even if you think it is fixed post a HijackThis Log (In a new thread), so I can make sure it's fixed.

Step 14
To make a HijackThis log run the HijackThis.exe that you downloaded and choose "Scan"
After that is finished choose the "Save log" button (It replaces the "Scan" button).
After you choose where to save it a new notepad window will popup with all your info.
Goto Edit, Select all, then go back to Edit and hit copy.
Then start a new thread and paste all that info and also state that you have already done all these steps succesfully.

If you have ANY problems or confusion with this procedure please reply here. But do not reply with your specific spyware problems, that is for a new thread.

nice post.

Can the mods make this a stickie?

Sure, because I hate spyware...

Can I mention one little thing:

If you have a USB keyboard, you may not be able to access Safe Mode via holding or tapping F8.



You may have to use MSConfig instead:

Once you're booted up, use the START menu, then RUN, then enter "msconfig.exe"

Then click on the 'BOOT.INI' tab and check the "/SAFEBOOT" box

Next time you boot up Windows will go into Safe Mode.

Once you've cleared the mess up, repeat the process & UNCHECK the 'Safe Boot' box

Do not screw around with other settings on this tab or you'll be stuck & unable to undo the changes.

Very nice. Thanks for writing it up n99.

Man, i got a huge attack of adware today on my computer. Just went thorugh all the steps and seems to have been cleared.

thanks n99nyrwg!

Hey, no problem. I still have to clean it up a bit, I've been slacking.

Thanks for the addition Crimson, I've never had any trouble accessing safe mode with a usb keyboard, but I'll edit it to include that.

This is a special removal trick for VX2. I had to remove this on a cleints computer this week and it worked great for me. The VX2 Cleaner from adaware did not do the job.

http://www.lavasoftsupport.com/index.php?showtopic=54511

The forums are being upgraded right now.

Update list for tools

General


Microsoft Security Bulletins last update: 08 Feb 2005


Anti-Viruses


AntiVir/AVPE - last update: 05 Apr 2005

Avast - last update: 05 Apr 2005

AVG 7 Free / 7 Pro - last update: 05 Apr 2005

Bit Defender (Web site) / FTP Site (daily.zip) - last update: 05 Apr 2005

Dr. Web - last update: 05 Apr 2005

eTrust EZ - Newly Detected list last update: 05 Apr 2005

F-Prot (Web site) / FTP Site (fp-def.zip) - last update: 05 Apr 2005

F-Secure - last update: 05 Apr 2005

* KAV - last update: 05 Apr 2005

McAfee Weekly DAT - last update: 05 Apr 2005 - Beta Daily files: 05 Apr 2005

NAV LU - last update: 05 Apr 2005 - IU / FTP (2005mmdd-0xx-i32.exe): 05 Apr 2005

Nod-32 - last update: 05 Apr 2005

Norman Virus Control - last update: 05 Apr 2005

Panda - last update: 05 Apr 2005

RAV - last update: 05 Apr 2005

Sophos - Release Dates - last update: 05 Apr 2005

TrendMicro (PC-cillin) - last update: 04 Apr 2005 (#2.540) / Beta: 05 Apr 2005 (#2.541)

* KAV updates at least 8 times a day. All are not posted here, so please check the Web site for the latest update available.

Anti-Trojans


a² Free / Personal - last update: 02 Apr 2005

BOClean - last update: 05 Apr 2005

Ewido Security Suite - last update: 05 Apr 2005

Tauscan - last update: 05 Apr 2005

TDS-3 - last update: 05 Apr 2005

The Cleaner - readme-cdb.txt - last update: 04 Apr 2005

TrojanHunter - last update: 05 Apr 2005

Trojan Remover - last update: 05 Apr 2005


Privacy Related


Ad-Aware SE - last update: 01 Apr 2005

AGNIS - AGNIS for Outpost - AGNIS for AdShield - last update: 20 March 2005

Hpguru's Hosts File - last update: 25 Mar 2005

IE/SPYAD - last update: 20 March 2005

Microsoft Antispyware(Beta) / Giant- last update: 01 Apr 2005 (#5703)

MVPS HOSTS File - last update: 29 Mar 2005

PestPatrol - Version Info - last update: 01 Apr 2005

Spy Sweeper - last update: 31 Mar 2005

Spybot S&D - last update: 19 Mar 2005 / last Beta update: 19 Mar 2005

Spycop - last update: 04 Apr 2005

SpywareBlaster - last update: 16 Mar 2005

Spyware Block List File - last update: 04 Apr 2005


Available w/ links @ broadbandreports.com

On a brand new computer, do we also go through all these steps? It seems very complicated to me. What is a quick and easy way of protecting my computer?

That's just for spyware removal if you have been infected.

To protect a new computer:

Install an Anti-Virus
Install Lavasoft Ad-Aware
Install SpywareBlaster (and make sure to update it)

All these links can be found in "Good Software To Have" thread.

If you have more questions just ask.

new link for ie spyad

http://www.spywarewarrior.com/uiuc/resource.htm